Welcome to the SecAware blog

I spy with my beady eye ...

21 Jun 2013

Honing your presentation skills for security awareness

Today on CISSPforum we've been chatting about Death by Powerpoint, the feeling that badly constructed and delivered presentations are not just tedious but counterproductive. Notable examples include eye-candywordy slidescool but distracting infographics and "When we understand that slide, we'll have won the war". This stuff is particularly important in topics as complex and arcane as information security. 

I’m not sure why PowerPoint is always in the dock, other than the routine M$bashing. It’s just a tool, one of many. It seems to me the problem lies not so much with the tools as with the craftsmen and women who wield them so ineptly and inappropriately.

You will rarely see the most accomplished, professional presenters using Powerpoint, or in fact any slides or handouts. They are positively overflowing with personality and expressiveness. They have presence and an infectious passion. They are naturals, true artists (though I'm sure we could argue nurture vs nature). For the rest of us, they are inspirational role models on how to present.

Seminars and conferences, documentaries, TV and radio interviews, training courses, sales pitches and political speeches are fabulous learning opportunities if you switch your focus from “What on Earth is he/she going on about?” to “How on Earth is he/she expressing it?” If anything, the less interest/knowledge you have in the subject the better as it means less distraction. It’s easy to make the switch from content to method if the presentation is terrible, boring, stilted and flat, but surprisingly hard if the presenter is passionate verging on evangelical, skilled and competent, has good material to work with, and knows how to hook you and spark your attention, even if you don’t (initially) care about the subject.

From the presenter’s perspective, it helps to remember that some of your audience hear what you’re saying, some see what you mean, some feel empathetic to your points … and some are texting or otherwise distracted, while a select few are quietly watching and listening to how you put it across (!). Some of us “think in pictures”, some worship the written word. There is no universal way to make a brilliant presentation since not only is every situation unique (inter/national conference <> sales meeting <> board meeting <> team meeting <> training course <> water-cooler-chat <> email <> phone <> Twitter) but every member of the audience is different and wants something different out of it, ranging from “the inside track” and “cool new ideas” to “a steer on what to do” or “something easy after lunch”. Picturing things from their perspectives and pandering to their information needs rather than just yours, is a vital part of preparing killer presentations.

Why not prepare and deliver your seminars like IT systems? Follow the waterfall from requirements specification (what is the seminar meant to achieve?) through design (key messages, the story-line, delivery modes) to development (crafting the content), testing (rehearsals, refinement), delivery (showtime!) and don't forget the outcome (what did it achieve, and what could I do better next time?). Measure, rinse, repeat. Practicing and learning from others is the key to getting better ...

... talking of which, I humbly offer three straw men, three Powerpoint presentations I wrote for "Securing People", a security awareness module around social engineering and security culture: one aimed at general employees, another for management, and the third intended for IT professionals. There are extensive speaker notes, plus various other briefings and accompanying materials in the free module, all covering the same topic. By all means critique or use them if you wish, but most of all I hope they are useful starting points for you to customize and adapt for your own purposes, or at least a source of creative energy. Aside from the information content, think about the format and the style - for instance the awareness materials intended to promote social interaction and discourse between people rather than passively receiving information broadcast at them. There may just be some good ideas here you can pinch for your awareness and training programs.

Likewise with a zillion other websites, blogs/articles and books about Powerpoint and presenting in general. There's loads of advice Out There if you are willing to sift through it, learn how to apply it and try it out. If you are naturally creative and innovative, you have a head start over the majority of IT and information security people. If not, why not collaborate with someone who is? I do, and I get a lot out of the interactions.

Whenever I look back through the archive of awareness materials I have written, I inevitably see opportunities for improvement and indeed every time I dust-off and revise an awareness module, I always find better - or at least different - ways to express things, as well as new things to say. Some of the old stuff really makes me cringe! Going forward, I hope I never stop learning and improving. It's a journey I hope will never end. It's my life.

Kind regards,

PS I'm conscious that this rant is wordy, with no fancy graphics. My bad ... but you are still reading!

No comments:

Post a Comment